Galois and Kry10 Complete Second UPGRADE Hackathon

Last week, the Galois SAFE-dev team headed to Nashville, TN for the second ARPA-H UPGRADE Hackathon — a program-wide event that challenges participating teams to defend hospital networks and devices against the kinds of cyberattacks that threaten patient care.

UPGRADE — short for Universal Patching and Remediations for Autonomous Defense — brings together researchers and developers working to build autonomous defenses against common vulnerabilities and exposures affecting healthcare infrastructure.Galois is leading a team focused on developing network-based defenses that automatically reconfigure hospital networks to isolate vulnerable devices, denying access to attackers while maintaining expected use for patient care. Principal Scientists Taisa Kushner, Scott Moore, and Cole Schlesinger are leading the effort.

The Hackathon challenge problems are built around real-world CVEs found in medical devices and software — including vulnerabilities in DHCP and FTP services, DICOM medical image processing, and EMR interchange software. Each challenge deploys a vulnerable device within a simulated hospital network, with topologies modeled after small/rural, mid-sized, and large/urban hospital environments, reflecting the diverse real-world settings our defenses need to protect.We're proud to report that our team successfully defended against 8 of 9 vulnerabilities presented to us as challenge problems.

We're grateful to work alongside our outstanding subcontractor Kry10, whose hardware-based firewall complements our software approach to provide comprehensive protection for end-of-life hospital devices.